Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / cb732dc9fdb47cda1a94b844fc6d4f5c4a703127^! / . / compos / composd
commitcb732dc9fdb47cda1a94b844fc6d4f5c4a703127[log] [tgz]
authorAlan Stokes <alanstokes@google.com>Tue Nov 16 15:18:13 2021 +0000
committerAlan Stokes <alanstokes@google.com>Tue Nov 16 15:33:55 2021 +0000
tree3576e4f9a7c1d4bd9f461609ff99d8eee707016e
parente4eeaedbebc14a6ba100c68a5a43aab70c665220 [diff]
Check calling user in composd.

Access to our service is already restricted by selinux, so this is
really just an extra safety check.

Test: Run composd
Bug: 186126194
Change-Id: Ib997c4bb282ac1c3d654d57bb84845a455893f2c

diff --git a/compos/composd/Android.bp b/compos/composd/Android.bp
index ecfea61..8391ed6 100644
--- a/compos/composd/Android.bp
+++ b/compos/composd/Android.bp

@@ -19,6 +19,7 @@
         "libcomposd_native_rust",
         "libnum_traits",
         "liblog_rust",
+        "librustutils",
         "libshared_child",
     ],
     proc_macros: ["libnum_derive"],

diff --git a/compos/composd/src/service.rs b/compos/composd/src/service.rs
index 351eae9..4d9dc58 100644
--- a/compos/composd/src/service.rs
+++ b/compos/composd/src/service.rs

@@ -25,12 +25,15 @@
     ICompilationTaskCallback::ICompilationTaskCallback,
     IIsolatedCompilationService::{BnIsolatedCompilationService, IIsolatedCompilationService},
 };
-use android_system_composd::binder::{self, BinderFeatures, Interface, Strong};
+use android_system_composd::binder::{
+    self, BinderFeatures, ExceptionCode, Interface, Status, Strong, ThreadState,
+};
 use anyhow::{Context, Result};
 use binder_common::new_binder_service_specific_error;
 use compos_aidl_interface::aidl::com::android::compos::{
     CompilationResult::CompilationResult, FdAnnotation::FdAnnotation,
 };
+use rustutils::users::{AID_ROOT, AID_SYSTEM};
 
 pub struct IsolatedCompilationService {
     instance_manager: InstanceManager,
@@ -48,7 +51,11 @@
         &self,
         callback: &Strong<dyn ICompilationTaskCallback>,
     ) -> binder::Result<Strong<dyn ICompilationTask>> {
-        // TODO - check caller is system or shell/root?
+        let calling_uid = ThreadState::get_calling_uid();
+        // This should only be called by system server, or root while testing
+        if calling_uid != AID_SYSTEM && calling_uid != AID_ROOT {
+            return Err(Status::new_exception(ExceptionCode::SECURITY, None));
+        }
         to_binder_result(self.do_start_test_compile(callback))
     }
 
@@ -57,7 +64,11 @@
         args: &[String],
         fd_annotation: &FdAnnotation,
     ) -> binder::Result<CompilationResult> {
-        // TODO - check caller is odrefresh
+        let calling_uid = ThreadState::get_calling_uid();
+        // This should only be called by odrefresh, which runs as root
+        if calling_uid != AID_ROOT {
+            return Err(Status::new_exception(ExceptionCode::SECURITY, None));
+        }
         to_binder_result(self.do_compile_cmd(args, fd_annotation))
     }